Invalid certificate when pulling docker images

[TMzethar]

We have also found similar issues with older Docker clients from other devices. This is likely a limitation of the DockerHub website.

[pipa89]

We have also found similar issues with older Docker clients from other devices. This is likely a limitation of the DockerHub website.

But that is your job as a company, to find solutions to problems.
You have to solve this and as soon as possible, it cannot be that you cannot use the applications that the nas already has, it is that in this case it would be giving false advertising because it says that it has docker and it does not work.
I hope you can help us.

[TMzethar]

Regarding the issue of older Docker apps not being able to fetch images from the new Docker Hub site, while we don't have a solution for this at the moment, we will continue to try and keep a close eye on it.

[f18m]

hi TMzethar,
I think I got a bit more insight as to why the docker client on TOS4 is unable to pull docker images.
I noticed that the problem is not actually the docker registry itself (as I wrote previously in this topic).
E..g the following pull fails even if it's done against GitHub Container Registry:

Code: Select all

docker pull ghcr.io/eschava/psmqtt:1.0.0

I think that happens because the image is a multi-arch image.
What I did was to fork that project and create a single-arch docker image and push it as 'f18m/psmqtt:1.0.0'.
Then the docker pull succeeds:

Code: Select all

docker pull ghcr.io/f18m/psmqtt:1.0.0

As pointed out by others on the web, the issue is proabbly due to the "minimal SLSA Provenance attestation", see the docker buildx changelog: https://github.com/docker/buildx/releases/tag/v0.10.0
Indeed the API version used by docker 17.06 installed on TOS4 is 1.31:

Code: Select all

root@TNAS-FF # docker version 
Client:
 Version:      unknown-version
 API version:  1.30
 Go version:   go1.7.4
 Git commit:   unknown-commit
 Built:        unknown-buildtime
 OS/Arch:      linux/arm64

Server:
 Version:      17.06.0-dev
 API version:  1.31 (minimum version 1.12)
 Go version:   go1.7.4
 Git commit:   6d92b0ee1
 Built:        Sun May 22 01:10:00 2016
 OS/Arch:      linux/arm64
 Experimental: false

while the most recent API version is 1.45. I didn't investigate more but I think between API version 1.30 and 1.45 the SLSA Provenance attestation has been added.

Now my question is: what's the latest docker version that can be installed on TOS4 ? Do you know?
I think you mentioned kernel compatibility issues in some post. At this page https://docs.docker.com/engine/install/binaries/ the docker team mentions kernel 3.10 as minimal version. My TOS4 is running 4.4.18-g8bcbd8a-dirty so I don't expect that to be an issue?

Has TerraMaster reached out to Docker support to resolve this issue?

Thanks

[samsomus]

I confirm the above mentioned problem. Not a single image is loaded. Please find a way to solve this on F4-210. Don't let your team's reputation fall!

[DigitalAnalog]

Is this problem limited to just ARM TNAS devices?